Update macOS notarization to use notarytool (#254)

* changing to notarytool * re-sign brotli --------- Co-authored-by: pookie <[email protected]>
ashirt-ops · Jun 1, 2024 · 8098162 · 8098162
1 parent 8e2abeb
commit 8098162
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -155,11 +155,12 @@ jobs:
                 -i ../deploy/hicolor/128x128/apps/ashirt.png \
                 --plugin=qt
         elif [[ "$RUNNER_OS" == "macOS" && "${{ env.signMacRelease }}" == "true" ]]; then
-            brew tap mitchellh/gon
-            brew install mitchellh/gon/gon jq
-            export ID=${{ env.name }}.dmg
-            echo "${{ secrets.GON_CONF }}" | base64 -D -i - | jq '.notarize[0].path = env.ID' > notarize.json
-            gon notarize.json
+            # Prepare application for notarization
+            xcrun notarytool store-credentials "AC_PASSWORD" --apple-id ${{ secrets.APPLE_ID }} --team-id ${{ secrets.TEAM_ID }} --password ${{ secrets.APP_SPECIFIC_PASSWORD }}
+            # Notarize the application
+            xcrun notarytool submit ${{env.name}}.dmg --keychain-profile "AC_PASSWORD" --wait
+            # Staple the ticket to the application
+            xcrun stapler staple ${{env.name}}.dmg
         elif [[ "$RUNNER_OS" == "Windows" && "${{ env.signWinRelease }}" == "true" ]]; then
             signtool sign -f certificate\\certificate.pfx -fd certHash -p '${{ secrets.WIN_CERT_PASS }}' -t http://timestamp.digicert.com ${{env.name}}.exe
         fi

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -73,6 +73,7 @@ if(APPLE)
             TARGET ashirt POST_BUILD
             COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/ashirt.app/Contents/Frameworks
             COMMAND install ${HOMEBREW_CELLAR}/brotli/1.1.0/lib/libbrotlicommon.1.1.0.dylib ${CMAKE_CURRENT_BINARY_DIR}/ashirt.app/Contents/Frameworks/libbrotlicommon.1.dylib
+            COMMAND codesign --remove-signature ${CMAKE_CURRENT_BINARY_DIR}/ashirt.app/Contents/Frameworks/libbrotlicommon.1.dylib
             COMMAND codesign -v --timestamp --sign ${NOTARIZE_AS} ${CMAKE_CURRENT_BINARY_DIR}/ashirt.app/Contents/Frameworks/libbrotlicommon.1.dylib
             COMMAND ${PLATFORMDEPLOYQT} ${CMAKE_CURRENT_BINARY_DIR}/ashirt.app -sign-for-notarization=${NOTARIZE_AS}
         )